Stop using telnet and start using netcat

By | 2013/12/19

Running telnet to port 80 is fun and all, but instead gain some hacker cred and start using netcat! Check this out.

netcat opens a raw connection to a service port. It is very useful for getting information about a host without an intensive scan like nmap, and you can also send requests to the service over that same connection.

Ex 1: Connect to a webserver and send a GET request with headers
$ nc -v 80

Then type your GET request for / along with, at a minimum, a Host header.

Host: [ENTER]
$ nc -v 80
DNS fwd/rev mismatch: !=
DNS fwd/rev mismatch: !=
DNS fwd/rev mismatch: !=
DNS fwd/rev mismatch: != [] 80 (http) open
GET / HTTP/1.1
User-Agent: My Cool Browser 1.0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 20 Dec 2013 01:34:26 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Expires: Fri, 20 Dec 2013 01:34:27 GMT
Cache-Control: max-age=1
Strict-Transport-Security: max-age=0
X-DuckDuckGo-Locale: en_US

301 Moved Permanently

Ex 2: Need to grab an SSH banner?
$ nc -v 22

Hey look, Wikipedia runs Ubuntu 12.04. They should set DebianBanner no in their sshd_config so the banner stops advertising the distribution and patch level.

$ nc -v 22
DNS fwd/rev mismatch: != [] 22 (ssh) open
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1

Ex 3: MySQL banner

Surely you don’t have MySQL exposed to the public, do you? Well, let’s use netcat to grab the MySQL banner.

Cool, MySQL 5.1.66. CentOS 6? 🙂

$ nc -v 3306
Warning: forward host lookup failed for Unknown host [] 3306 (mysql) open

Ex 4: Talk to a mail server
$ nc -v 25
Connection to 25 port [tcp/smtp] succeeded!
250-SIZE 26214400
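All four examples are the same operation underneath: a plain TCP connection where either the server speaks first (SSH, MySQL, SMTP) or the client has to send something before it gets anything back (HTTP). As an added example that is not from the original post, the Python below does that with a bare socket instead of nc so it runs offline against a constructed local listener; the banners, the response and the hostname example.invalid are constructed, not captured.

```python
import socket
import threading

# Constructed sample banners modelled on the transcripts above (not live data).
SSH_BANNER = b"SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1\r\n"
HTTP_RESPONSE = (b"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n"
                 b"Content-Length: 0\r\nConnection: close\r\n\r\n")

def grab_banner(host, port, probe=None, timeout=3.0):
    """Raw TCP connect like `nc host port`; returns the first chunk the server
    sends. SSH/SMTP/MySQL speak first (probe=None); HTTP needs a request."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe is not None:
            s.sendall(probe)
        try:
            data = s.recv(4096)
        except socket.timeout:
            data = b""  # silent service: nothing to show, like an idle nc
    return data.decode("utf-8", errors="replace")

def http_probe(host, path="/"):
    """Minimal HTTP/1.1 request; Host is the one header you must send."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()

def parse_ssh_banner(banner):
    """Split 'SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1' into the software
    version and the OS suffix that `DebianBanner no` would suppress."""
    line = banner.strip().split("\n")[0]
    if not line.startswith("SSH-"):
        return None
    _, _, rest = line.split("-", 2)
    software, _, suffix = rest.partition(" ")
    return {"software": software, "os_suffix": suffix}

def serve_once(payload, wait_for_request=False):
    """Constructed local stand-in for the remote service; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        with conn:
            if wait_for_request:
                conn.recv(4096)  # an HTTP server reads the request first
            conn.sendall(payload)
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]
```

Point grab_banner at a real host and port with the same arguments and you get exactly the output the nc transcripts above show, minus nc's DNS chatter.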

Hack on,